Network address translation, 6to4 tunneling, and IVI translation on a bare PC

Date

2013-01-15

Department

Towson University. Department of Computer and Information Sciences

Rights

Copyright protected, all rights reserved.
There are no restrictions on access to this document. An internet release form signed by the author to display this document online is on file with Towson University Special Collections and Archives.

Abstract

The next-generation Internet is expected to have a long transition period during which Internet Protocol versions 4 and 6 (IPv4 and IPv6) will co-exist. This implies continued use of gateways supporting private/public address translation in IPv4 networks, and an increased use of gateways that are capable of IPv4/IPv6 tunneling or address translation. This dissertation deals with the design, implementation, and performance of bare PC gateways that perform the functions of Network Address Translation (NAT), 6to4 tunneling, and IVI (IPv4/IPv6) translation. We describe the architecture of bare PC gateways, and compare their performance with conventional Linux gateway implementations using the same hardware in a test LAN environment.

Bare PC systems, including bare PC gateways, enable software to run directly on ordinary PC hardware without using any operating system or kernel. They are of interest to builders of minimalist platforms that serve as an alternative to feature-rich systems. In addition to their performance advantages, bare PC systems provide fewer opportunities for attack.

We first consider a bare PC NAT device and its performance. NAT is a critical function in IPv4 networks that occurs at the boundary of all private and public networks, including ISP boundaries in homes and businesses. Our results show that the bare PC NAT has better performance than the Linux NAT with respect to inbound and outbound packet processing time and throughput, regardless of packet size and payload application type. We show in particular that there is a 34% improvement in the maximum number of packets per second (pps) over Linux under heavy traffic. Internal timings on the bare PC NAT box further indicate that there is plenty of capacity left for implementing supplementary functions such as deep packet inspection and routing if needed.

We next consider a bare PC 6to4 gateway and study the performance of 6to4 tunneling with and without NAT co-location. 6to4 tunneling is a transition mechanism for enabling IPv6 devices and networks to connect to today's Internet, which is primarily IPv4-based. Our results show that performance using 6to4 with a co-located NAT is better than with a decoupled NAT, regardless of whether a Linux or a bare 6to4 gateway is used. In general, performance improvements with a co-located versus a decoupled NAT range from 34%-57% for the bare PC gateway and 7%-45% for the Linux gateway. Furthermore, performance improvements for a bare PC versus a Linux gateway range from 23%-86% with co-located and decoupled NATs.

Finally, we consider IVI translation. The stateless IPv4/IPv6 translation technique known as IVI is a relatively new approach that provides connectivity between IPv4 and IPv6 hosts in the Internet. Evaluating IVI overhead, we find that address mapping is the most expensive function in the translation algorithm. Moreover, translating IPv4 packets to IPv6 packets has more overhead than translating in the reverse direction.

This research shows that bare PC gateways can be used as low-cost gateways in the next-generation Internet. It also characterizes the performance trade-off between using Linux gateways with more features and bare gateways with only the minimal features that are necessary for their purpose.